Home Kali Linux Rootless Jailbreakd – Jailbreakd Offering Some More Functionality To The Jailbreak

Kali Linux

Rootless Jailbreakd – Jailbreakd Offering Some More Functionality To The Jailbreak

July 15, 2018

Rootless Jailbreakd is A small jailbreakd offering some more functionality to the jailbreak. Uses CPDisctributedMessageCenter. To compile you need theos (why? cus why not? and I like theos. If you’re smart enough you can still compile it manually very easily so yeah)

Also Read whatweb – Tool to Discover Security Vulnerabilities With Your Web Application

Setup Rootless Jailbreakd

Grab AppSupport headers and add them into your include path (https://github.com/theos/headers/tree/05405174749d912f7726121fcb5f27de73af0f08/AppSupport)
Include “AppSupport/CPDistributedMessagingCenter.h” on your main.m file
Link with https://github.com/jakeajames/rootme-tutorial/blob/master/AppSupport.tbd

The general syntax follows as this:

CPDistributedMessagingCenter *messageCenter = [CPDistributedMessagingCenter centerNamed:@"com.jakeashacks.rootme"];
[messageCenter sendMessageAndReceiveReplyName:@"MESSAGE_NAME" userInfo:[NSDictionary dictionaryWithObject:[NSString stringWithFormat:@"%d", getpid()] forKey:@"pid"]];

Compiling

./make.sh

Commands

At the moment these commands are available

“rootme”: does setuid(0) and setgid(0) for you
“unsandbox”: gets rid of most of the sandbox (This will not be any useful right now since to call jailbreakd you have to be unsandboxed already)
“platformize”: marks your binary as platform by setting TF_PLATFORM and CS_PLATFORM_BINARY
“setcsflags”: Sets some flags such as CS_PLATFORM_BINARY, CS_GET_TASK_ALLOW, CS_DEBUGGED etc
“entitle”: Set entitlement to true or false. Example:

CPDistributedMessagingCenter *messageCenter = [CPDistributedMessagingCenter centerNamed:@"com.jakeashacks.rootme"];
NSMutableDictionary *dict = [NSMutableDictionary dictionary];
[dict setValue:@"com.apple.private.skip-library.validation" forKey:@"ent"]; //entitlement name
[dict setValue:@"true" forKey:@"value"]; //true or false
[dict setValue:[NSString stringWithFormat:@"%d", getpid()] forKey:@"pid"];
[messageCenter sendMessageAndReceiveReplyName:@"entitle" userInfo:dict];

Do binaries need suid permissions or root ownership?

No. I didn’t bother with that because

There isn’t a package manager so all binaries are controlled by you,
there’s no root remount thus nothing can cause a big mess,
you need to be unsandboxed to make a call to jailbreakd (all binaries you run via SSH satisfy this requirement) and that’s enough for me. Is it coming? Probably yes

Rootless Jailbreakd – Jailbreakd Offering Some More Functionality To The Jailbreak

Setup Rootless Jailbreakd

Compiling

Commands

Do binaries need suid permissions or root ownership?

APPLICATIONS

Whatfiles : Log What Files Are Accessed By Any Linux Process

theZoo – A Repository Of LIVE Malwares For Your Own Joy & Pleasure

Stunner : Tool To Test And Exploit STUN, TURN And TURN Over TCP Servers

Maigret : OSINT Username Checker

HOT NEWS

SMBclient-ng : A Comprehensive Tool For Managing SMB Shares

EVEN MORE NEWS

Bomber : Navigating Security Vulnerabilities In SBOMs

EmbedPayloadInPng : A Guide To Embedding And Extracting Encrypted Payloads In...

Exploit Street – Navigating The New Terrain Of Windows LPEs

POPULAR CATEGORY

EfiGuard – Disable PatchGuard and DSE at Boot Time

AtomShields CLI : Security Testing Framework For Repositories & Source Code

TrigMap : A Wrapper For Nmap To Automate The Pentest